India’s Star Health confirms data breach after cybercriminals post customers’ health data online

Date:

Share post:


Star Health and Allied Insurance, one of the largest health insurance firms in India, has confirmed it was the target of a “malicious cyberattack,” some two weeks after cybercriminals claimed to post customers’ health records and other sensitive data online.

The Chennai-headquartered insurance giant told TechCrunch in a statement Wednesday that the cyberattack resulted in “unauthorized and illegal access to certain data,” though it stated its operations remained unaffected and services continued.

“A thorough and rigorous forensic investigation, led by independent cybersecurity experts, is underway, and we are working closely with government and regulatory authorities at every stage of this investigation, including by duly reporting the incident to the insurance and cybersecurity regulatory authorities apart from filing a criminal complaint,” the company said in its statement.

When asked by TechCrunch, Star Health would not say if the data breach included customers’ data.

Last month, a hacker group created chatbots on Telegram that leaked the alleged personal data belonging to 31 million Star Health policyholders and over 5.8 million insurance claims. The data included full names, phone numbers, and home addresses, as well as medical reports and insurance claims of individuals. The hackers also shared copies of customer ID cards and individuals’ tax details.

Star Health told TechCrunch at the time that the company was “investigating” the alleged theft.

Shortly after the hackers’ Telegram bots came to light, Star Health filed a legal complaint with the Madras High Court against Telegram for hosting the chatbots. The insurer also named Cloudflare in its lawsuit for its role in hosting the hacker group’s websites on its service.

India’s CERT-In told TechCrunch earlier that it was “already in process of taking appropriate action with the concerned authority.”

Details of the breach, and how the hackers obtained potentially millions of customers’ data, remain unclear.

The hackers’ website, used to publicize the Telegram bots sharing the allegedly stolen person data, includes a video allegedly showing screenshots and conversations between Star Health CISO Amarjeet Khanuja and the hacker group. TechCrunch is not linking to the site as it contains personally identifiable information.

The role of the company’s CISO in the cyberattack, if at all, is not yet known.

“We also want to categorically mention that our CISO has been duly co-operating in the investigation, and we have not arrived at any finding of wrongdoing by him till date. We request that his privacy be respected as we know that the threat actor is trying to create panic,” the insurer said Wednesday.

TechCrunch asked specific questions, including whether the insurer can confirm who accessed the data, whether it was an insider or a malicious intruder, and if it knows and can confirm what has been accessed or taken already. The insurer would not say.

Star Health, which provides health, personal accident, and overseas and travel insurance, has a network of more than 14,000 hospitals and over 850 branch offices across India. Star Health says on its website that it has provided health insurance coverage to 170 million individuals.



Source link

Lisa Holden
Lisa Holden
Lisa Holden is a news writer for LinkDaddy News. She writes health, sport, tech, and more. Some of her favorite topics include the latest trends in fitness and wellness, the best ways to use technology to improve your life, and the latest developments in medical research.

Recent posts

Related articles

OpenAI’s GPT-5 reportedly falling short of expectations

OpenAI’s efforts to develop its next major model, GPT-5, are running behind schedule, with results that don’t...

OpenAI announces new o3 model — but you can’t use it yet

Welcome back to Week in Review. This week, we’re looking at OpenAI’s last — and biggest —...

Google pushes back against DOJ’s ‘interventionist’ remedies in antitrust case

Google has offered up its own proposal in a recent antitrust case that saw the US Department...

If climate tech is dead, what comes next?

Humans have an innate desire to name things, but to be honest, we’re not always that good...

Hollywood angels: Here are the celebrities who are also star VCs

Becoming a venture capitalist has become the latest status symbol in Hollywood.  Everyone these days, from Olivia Wilde...

Meet Skyseed, a VC fund and incubator backing the Bluesky and AT Protocol ecosystem

On November 15, Peter Wang posted a message requesting ideas for a new incubator and fund to...

Sam Altman disputes Marc Andreessen’s description of AI meetings with Biden administration

Famed investor Marc Andreessen recently talked about meetings with Biden administration staff who gave him the impression...

EV startup Canoo places remaining employees on a ‘mandatory unpaid break’

Struggling electric van startup Canoo has placed its remaining employees on what it’s calling a “mandatory unpaid...